Forum Moderators: open
[projecthoneypot.org...]
On Thursday, April 26, 2007 at 10:54am in a court in the Eastern District of Virginia, Project Honey Pot filed the largest anti-spam lawsuit ever. Seeking more than $1B in statutory damages, the suit was brought on behalf of our members. It targets a huge swath of spammers. If you've harvested email addresses or sent spam in the last two years, chances are you're on our radar screen and we're coming after you.
I spent a few minutes researching their email harvester list and found that my bot blocker trapped all but a couple of these jokers, so I'll assume the ones I didn't catch never hit my site.
[projecthoneypot.org...]
This just made my day as I was seeing some particularly nasty crawls today and maybe there is an end in sight, technical or legal, just as long as the crap stops.
Cloaked Bots Report for: 20070426
136 blocked stealth crawlers requested 5050 pages.
Blocked Agent Report for: 20070426
219 blocked crawlers requested 1989 pages.
Out of those numbers we had a few like this:
70.95.253.* [*.san.res.rr.com.] requested 1070 pages as "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
82.201.132.* [unknown] requested 2389 pages as "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0)"
217.87.91.* [*.dip.t-dialin.net.] requested 332 pages as "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0)"
70.132.7.* [*.dsl.snfc21.sbcglobal.net.] requested 325 pages as "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; sbcydsl 3.12; YComp 5.0.0.0)"
Pretty obnoxious abuse wouldn't you say?
Good Luck PROJECT HONEY POT and get 'em good!
They need to set more realistic goals.
Awards can be given but there is no enforcement on collection.
There needs to be CRIMINAL penalties for this behavior
and then it needs to be enforced. Once people start getting
arrested and appearing in their local/national newspapers
it will slow down.
But that said, how can I integrate their list into my server to block those IPs?
[edited by: amznVibe at 10:26 am (utc) on April 28, 2007]
I am sure it gonna help a lot the Virtual world.
For example, if Spammer X lives in South Korea and a court in West Virgina orders Spammer X to pay up $1m then there is no way anyone in the US can collect. So you go to a court in South Korea, present the judgement and order from the US court and request the local court to enforce it.
It is possible and not especially unusual.
Lawsuits against bots? Ha....
Lawsuits against bots?
Everyone's a critic...
Would "Spam Harvesters" suit you better?
Turns out the harvesters aren't always the people doing the spamming, they sometimes just sell the lists.
For example, if Spammer X lives in South Korea and a court in West Virgina orders Spammer X to pay up $1m then there is no way anyone in the US can collect. So you go to a court in South Korea, present the judgement and order from the US court and request the local court to enforce it.
The problem is a serious one. This gimmick is designed to get attention, it's a PR stunt. I hope that in some small way it at least helps towards the end goal.
Man, I do hate the spammers. I guess even if they end up shutting down one spammer its well worth it. These bots take up bandwidth.
This gimmick is designed to get attention, it's a PR stunt. I hope that in some small way it at least helps towards the end goal.
Obviously it's designed to get attention, but I don't think it's just a stunt.
1. The lawyer used in the case has already successfully sued spammers for big clients like AOL and Verizon. Serious lawyers don't associate themselves with frivolous claims as it can destroy their reputation.
2. They filed in Virginia, a state with a strong anti-spam history, against all Virginia IPs involved in spam harvesting and spamming. A very specific and doable niche of spamland.
3. The lawsuit followed the same pattern used by the RIAA lawsuits by claiming all "JOHN DOES" as internet IPs, which will be followed by a motion to subpoena all the records to find out who is behind those IPs.
The only problem I'm concerned with is they may find nothing but a trail of botnets involved. Hopefully there will be experts involved that can tell the difference between someone with a compromised machine and an actual spammer as I certainly don't want to see some innocent personal accidentally crucified over malware.
[edited by: incrediBILL at 4:41 pm (utc) on April 29, 2007]
Serious lawyers don't associate themselves with frivolous claims as it can destroy their reputation.
US courts don't have the power to make other other sovereign states do their bidding. Courts in other countries don't just execute judgements made by US courts
No, they have to get their President to threaten to go to war with them.
On a serious note though, if they've filed for 1bn, how is that divided up? Surely to come up with an actual figure they must have evidence that particular people are resposible for respective amounts.
Harvesting email address is not a crime, nor a bother. They would also have to prove that those email addresses had then been spammed, and some consequential loss was involved. For example, a user who had gone and bought some anti-malware/anti-spam software as a direct result should in theory be able to claim that back through the suit.
I agree with the earlier post, it's not a 'serious' claim, it's not enforcable, most of the guilty will be outside US jurisdiction. They'll probably win with their top lawyers, but get nothing.
It's a publicity stunt, maybe designed as a warning to spammers.
What we really need is, as mentioned earlier is an international law, that can then be enforced with criminal charges. Hopefully those countries outside the US still have the death penalty! ;)
No longer can the average person send mass update mails to friends without a solid chance of being put on their list. To get around this myself, I've had to sign up to newsletter software just to tell people I'm alive and well.
Nice intent, poor implementation. Personally I'd rather run my own spam filter instead of these morons who rely on algos instead of humans.
[edited by: Tigrou at 3:52 pm (utc) on April 30, 2007]
No longer can the average person send mass update mails to friends without a solid chance of being put on their list.
[edited by: superG2007 at 7:54 pm (utc) on April 30, 2007]
[edited by: volatilegx at 1:47 pm (utc) on May 1, 2007]
[edit reason] obfuscated ip address [/edit]
I agree with the earlier post, it's not a 'serious' claim, it's not enforcable, most of the guilty will be outside US jurisdiction. They'll probably win with their top lawyers, but get nothing.
Even if they win and can't collect the money, they'll probably get some of those nasty injunctions that shut down the spammers operation.
Besides, if they do all the work and dig up the owners of the IP addresses in a civil case, if there are any possible associated criminal charges the work will have already been done for the government making their job easier if they decide to make a move on the case.
[edited by: volatilegx at 2:04 pm (utc) on May 1, 2007]
get lured back to the US under some false pretense only to be arrested once he arrived?
Can't do that now - it's called "entrapment".
about a US lawsuit filed in VIRGINIA against VIRGINIA IPs...
You only stated one half of this in your original post, in which case.....
Even if they win and can't collect the money, they'll probably get some of those nasty injunctions that shut down the spammers operation
Then this is probably most likely, but until there are international laws against it, they'll just move base and start up again.
Can't do that now - it's called "entrapment
AFAIK, entrapment is enticing someone to commit a crime they would not otherwise have commited.
Once they have a warrant out, lure away.
The real solution is to develop better protocols for data interchange. Anyone got Vint Cerf's number handy?
Project Honey Pot files $1B+ Lawsuit Against Spammers and Spambots
spam harvesters about to be harvested in court
